b'                       U.S. Environmental Protection Agency \t                                                  11-P-0429\n                                                                                                           August 3, 2011\n                       Office of Inspector General\n\n\n                       At a Glance\n                                                                              Catalyst for Improving the Environment\n\nWhy We Did This Review            Results of Technical Network Vulnerability\nThe Environmental Protection\n                                  Assessment: EPA\xe2\x80\x99s National Health &\nAgency (EPA), Office of           Environment Effects Research Laboratory,\nInspector General, conducted      Western Ecology Division\nthis audit to identify\nvulnerabilities associated with\nthe Agency\xe2\x80\x99s network devices       What We Found\nlocated in EPA\xe2\x80\x99s National\nHealth & Environment Effects      Vulnerability testing of EPA\xe2\x80\x99s NHEERL Western Ecology Division network\nResearch Laboratory               conducted in March 2011 identified Internet Protocol addresses with numerous\n(NHEERL) Western Ecology          high-risk and medium-risk vulnerabilities. The Office of Inspector General met\nDivision building, and provide    with EPA information security personnel to discuss the findings. If not resolved,\nthe results to the appropriate    these vulnerabilities could expose EPA\xe2\x80\x99s assets to unauthorized access and\nEPA officials who can then        potentially harm the Agency\xe2\x80\x99s network.\npromptly remediate and/or\ndocument planned actions to        What We Recommend\nresolve the identified\nvulnerabilities. This audit was   We recommend that the Senior Information Official, Office of Research and\nconducted in support of the       Development, and Director, Enterprise Desktop Solutions Division, Office of\nannual audit of EPA\xe2\x80\x99s             Environmental Information:\ncompliance with the Federal\nInformation Security                 \xef\x82\xb7\t Provide the Office of Inspector General a status update for all identified\nManagement Act.                         high-risk and medium-risk vulnerability findings contained in this report.\n                                     \xef\x82\xb7\t Create plans of action and milestones in the Agency\xe2\x80\x99s Automated Security\n                                        Self-Evaluation and Remediation Tracking system for all vulnerabilities\n                                        that cannot be corrected within 30 days of this report.\n                                     \xef\x82\xb7\t Perform a technical vulnerability assessment test of assigned network\n                                        resources within 60 days to confirm completion of remediation activities.\n\n                                  The full report is not available to the public due to the sensitive nature of its\n                                  technical findings.\n\n\n\n\nFor further information,\ncontact our Office of\nCongressional, Public Affairs\nand Management at\n(202) 566-2391.\n\x0c'